-
January 16th, 2004 03:00 AM
#1
 Firewall Portscans
Whoa, i just checked the logs from my firewall and i have 6 or 7 port scans in the last two days. Wierd thing is, unlike everything else, my kerio firewall permitted them! I have it set to deny all intrusions and port scans. anyone know what could be up?
\"Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, \"I\'m a grown man. I should know what goes on my head.\" And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life. \" -Roy Waller
-
January 16th, 2004 03:31 AM
#2
I have been getting quite a lot (20+/day) of scans on TCP 445, but Agnitum seems to be blocking them.
Which ports were yours on?
Cheers
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
-
January 16th, 2004 04:26 AM
#3
Member
There seem to be some issues with the IDS module, it seems to lack permit and deny configuration options. Also, some logging issues. Check out dslreports. They have a kerio firewall forum and some folks speak of the same issue you are seeing.
- Boyam
-
January 16th, 2004 08:50 PM
#4
Which ports were yours on?
It doesnt say. It just says "Portscan from ***.***.*** at 1/14/04" or "Portscan from ***.com"
slick
\"Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, \"I\'m a grown man. I should know what goes on my head.\" And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life. \" -Roy Waller
-
January 16th, 2004 09:00 PM
#5
Originally posted here by nihil
I have been getting quite a lot (20+/day) of scans on TCP 445, but Agnitum seems to be blocking them.
Which ports were yours on?
Cheers
You need a NAT router nihil. 
-
January 16th, 2004 09:26 PM
#6
Member
If your firewall normally records ports/services scanned, they may just be ping sweeps.
[gloworange]
find /home/$newbie -name *? | www.google.com 2>/dev/null
[/gloworange]
-
January 16th, 2004 09:41 PM
#7
Member
Please, no flames (I would like serious answers) but what is the big deal? So what if someone scans your network, I'm not trying to be a smarta$$. Is it because it takes up bandwidth, or extra time to go through logs, is a portscan harmful to a network or just annoying? If someone is just scanning as opposed to trying to actually penetrate a network whats the big deal?
-
January 16th, 2004 09:53 PM
#8
No, its no big deal, its just that im wondering why my firewall would deny everything else, and allow them.
slick
\"Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, \"I\'m a grown man. I should know what goes on my head.\" And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life. \" -Roy Waller
-
January 16th, 2004 09:58 PM
#9
My firewall distinguishes between portscans and "pings"
ttau:
Port scanning is the height of bad manners, apart from indicating a potential attempt to infiltrate the system, which is a threat and does take time to check.
I have had to turn off interactive alarm because a hit every second is somewhat distracting.
When your firewall indicates scans on unusual ports, this is either someone trying to consciously access your system (you have to assume the worse) or a new worm is trying to spread through the net.
A very basic explanation but that is the gist of it.
Cheers
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
-
January 17th, 2004 03:18 AM
#10
I've never used kerio, so I don't know if this is relavant. Have you ever has a trusted zone setup in the firewall, like a friend's IP using a VPN or a DMZ passthrough? Like I said I don't know, but aside from a software bug, it the only thing that comes to mind. 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
Forum Rules
|
|
Reply With Quote
Bookmarks